Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and previous versions, JDK and JRE 5.0 Update 12 and previous versions, SDK and JRE 1.4.2_15 and previous versions, and SDK and JRE 1.3.1_20 and previous versions, when Firefox or Opera is used, allows remote malicious users to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun jdk |
||
sun jdk 1.5.0 |
||
sun jdk 1.6.0 |
||
sun jdk 6 |
||
sun jre |
||
sun jre 1.3.0 |
||
sun jre 1.3.1 |
||
sun jre 1.4 |
||
sun jre 1.4.1 |
||
sun jre 1.4.2 |
||
sun jre 1.4.2 1 |
||
sun jre 1.4.2 3 |
||
sun jre 1.4.2 8 |
||
sun jre 1.4.2 9 |
||
sun jre 1.4.2 10 |
||
sun jre 1.4.2 11 |
||
sun jre 1.4.2 12 |
||
sun jre 1.4.2 13 |
||
sun jre 1.4.2 14 |
||
sun jre 1.5.0 |
||
sun jre 1.6.0 |
||
sun sdk |
||
sun sdk 1.3.1 01 |
||
sun sdk 1.3.1 01a |
||
sun sdk 1.3.1 16 |
||
sun sdk 1.3.1 18 |
||
sun sdk 1.3.1 19 |
||
sun sdk 1.4.2 |
||
sun sdk 1.4.2 03 |
||
sun sdk 1.4.2 08 |
||
sun sdk 1.4.2 09 |
||
sun sdk 1.4.2 10 |
||
sun sdk 1.4.2 11 |
||
sun sdk 1.4.2 12 |
||
sun sdk 1.4.2 13 |
||
sun sdk 1.4.2 14 |
||
sun sdk 1.4.2 15 |